Jaijeya
I have been exploring NASA for SQL injections and XSS since mid-January, and to my wonder, every 3 minutes I've discovered a new SQL injection vulnerability or XSS.
The SQL injection allowed me to access user credentials, the file system, internal networks and precious information from their servers.

The database servers they have deployed span nearly all types of servers on different systems, like Sybase, Oracle, MySQL, SQL Server, MS Access, NoSQL, etc.

Yes, that's right.
I think now they should prepare a virus like in the Terminator movie to administer their huge networks automatically, one that can learn, identify the problems and fix them automatically.

Yeah, most folks have enough trouble administrating 1 box (their own), let alone thousands of boxes. There is no way you can secure them all effectively. Imagine the horror of a patch schedule for all those boxes. It would imply they need at least 1 guy administrating 10 to 20 boxes or they lose track. That's a lot of guys, all working in different departments, with different skills and no web application skills whatsoever. So I'm guessing they made the trade-off with a security policy where sensitive data is in different, more tightly monitored clusters.

Yeah, that's right.
Somewhere I read that the Pentagon's cyber security budget is over $100 million.
This is a great amount.
Another thing is that we talk about how home PCs can be used as zombies to attack other networks; likewise, these systems can also be used for further attacks or exploration of their internal networks.
In some of the NASA cases the same was true: the compromised database allowed me to further enumerate the internal network.

Actually, they are doing what is taught as one of the first things to avoid when learning secure software development. I mean they are employing security at the perimeter in some places, like at the HTTP level, and not at the application level.
Like in some cases, you can grab information about internal systems or the server itself by causing something unexpected, like an error, and the applications throw huge heaps of information, enough for an attacker, whereas the HTTP filter doesn't stop such outward flow, so on those networks only the inward traffic is analysed.

Well, all in all, we are just curious people and can just attempt ourselves to find out where our taxes are actually being used up and how effectively.
There is no opposition (of assembly, of course) to debate this or stop this useless spending.

A blind SQL injection in Pentagon server:
http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=59order+by+13
Stacked queries are also working. Check the two cases below; if the query returns properly, it means the DB engine is Microsoft SQL Server:
http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=5order+by+13;select+@@version
and now test this:
http://carlislebarracks.carlisle.army.mil/about/hours.cfm?recid=5order+by+13;select+@@veion
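
The application-level controls the posts above describe as missing, shown as an added example (not code from this thread or from any system it mentions): a handler for a numeric `recid` parameter that validates the type, binds the value as a query parameter, and keeps database error detail out of the response. The table, sample rows and function names are constructed for illustration, and SQLite stands in for the real database engine.

```python
import logging
import re
import sqlite3

log = logging.getLogger("hours")
_RECID = re.compile(r"[0-9]{1,9}")  # digits only, bounded length


def make_db():
    """Constructed sample data standing in for the real table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE hours (recid INTEGER PRIMARY KEY, facility TEXT, open_hours TEXT)"
    )
    db.executemany(
        "INSERT INTO hours VALUES (?, ?, ?)",
        [(5, "Library", "0800-1700"), (59, "Gym", "0500-2100")],
    )
    return db


def get_hours(db, raw_recid):
    """Return (status, body); raw_recid is the untrusted query-string value."""
    # 1. Application-level validation: the whole value must be an integer.
    if not isinstance(raw_recid, str) or not _RECID.fullmatch(raw_recid):
        log.warning("rejected recid=%r", raw_recid)
        return 400, "Bad request"
    try:
        # 2. Bound parameter: the value is never concatenated into the SQL text.
        row = db.execute(
            "SELECT facility, open_hours FROM hours WHERE recid = ?",
            (int(raw_recid),),
        ).fetchone()
    except sqlite3.Error:
        # 3. Error detail goes to the server log only, never to the client.
        log.exception("query failed for recid=%r", raw_recid)
        return 500, "Internal error"
    if row is None:
        return 404, "Not found"
    return 200, f"{row[0]}: {row[1]}"
```

The rejected-input warnings in step 1 are also a detection signal: a burst of them from one client is worth alerting on.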